Today, password management app company SplashData released its annual list of the “Worst Passwords of 2014,” the 25 most commonly used passwords online. Once again, both “123456” and “password” top the list as the most common – and thus the most commonly guessed and compromised – passwords of the year.
The full top 25 list, compiled by analyzing over 3.3 million passwords leaked through hacks and compromises throughout 2014, is as follows:
- 123456
- password
- 12345
- 12345678
- qwerty
- 1234567890
- 1234
- baseball
- dragon
- football
- 1234567
- monkey
- letmein
- abc123
- 111111
- mustang
- access
- shadow
- master
- michael
- superman
- 696969
- 123123
- batman
- trustno1
“Passwords based on simple patterns on your keyboard remain popular despite how weak they are,” explains SplashData CEO Morgan Slain. “Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure.”
Beyond this list, SplashData notes that sports terms and teams (e.g., baseball, golfer, yankees) make numerous appearances in the top 100, and are best avoided. Birth years are commonly used as passwords, too, as are popular baby names like “Jennifer” and “hunter.” Hobbies, film names, car brands and popular athletes also made the top 100.
In addition to avoiding these common passwords, it’s common sense to also avoid using any password that may be easily guessed by someone who knows you (or can do a basic amount of research on you online via Facebook). Pet names are notoriously bad passwords, as are your wedding anniversary, birthplace and favorite vacation spot. And if you think adding the number 1 or an exclamation point to the end of a common password somehow adds an extra layer of security, you’re sadly mistaken. The bad guys know that trick too.
So what makes a good password? Here are some of Techlicious’s top tips to minimize your risk of password theft:
- Never reuse the same password across multiple websites.
- Longer passwords are generally better than shorter ones. Make sure yours have at least 8 characters, preferably many more. Mix numbers, punctuation marks and other unusual characters into them if you can.
- Consider using a password manager like RoboForm, Dashlane or LastPass to automatically generate and remember complex password strings. Many of these apps are free, though the coolest features (like syncing across multiple devices and being able to change multiple passwords with a single click) often require premium subscriptions.
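A signup or password-change form can enforce the advice above by screening new passwords before accepting them. The Python sketch below is an added example, not code from SplashData or Techlicious; the function name, the set of suffix characters and the rejection messages are assumptions.

```python
# The 25 entries from SplashData's 2014 list, as quoted in the article.
WORST_2014 = frozenset("""
123456 password 12345 12345678 qwerty 1234567890 1234 baseball dragon
football 1234567 monkey letmein abc123 111111 mustang access shadow
master michael superman 696969 123123 batman trustno1
""".split())

MIN_LENGTH = 8  # the article's stated minimum length

# Characters people tack onto the end of a weak password (assumed set).
SUFFIX_CHARS = set("0123456789!@#$%.?*")


def screen_password(candidate):
    """Return the reasons to reject candidate; an empty list means it passed."""
    reasons = []
    lowered = candidate.lower()  # "Password" is no stronger than "password"

    if len(candidate) < MIN_LENGTH:
        reasons.append("too short")
    if candidate.isdigit():
        reasons.append("digits only")

    if lowered in WORST_2014:
        reasons.append("on common-password list")
    else:
        # Peel trailing digits/punctuation one character at a time so that
        # "password1", "password1!" and "abc123!" all reduce to a listed entry.
        base = lowered
        while base and base[-1] in SUFFIX_CHARS:
            base = base[:-1]
            if base in WORST_2014:
                reasons.append("common password with suffix")
                break
    return reasons


if __name__ == "__main__":
    for pw in ("123456", "password1", "Abc123!", "correct horse battery staple"):
        print(repr(pw), screen_password(pw) or "accepted")
```

A production check would use a much larger blocklist than these 25 entries; the suffix-stripping logic stays the same.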
For more on keeping your online accounts secure, check out these 5 tips for creating strong passwords.
From Kimbahb on January 21, 2015 :: 11:58 am
Where’s “admin” on the list?
From Josh Kirschner on January 21, 2015 :: 12:37 pm
“admin” is a common default user name (perhaps, password) on routers and other devices, but likely not as common on websites, where this list comes from.